CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.
Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php.
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters.
SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI.
SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.
create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.
Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field).
useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.